package com.stx.test.serialize.pack;

import java.io.ByteArrayInputStream;
import java.io.ObjectInputStream;

/**
 * Deliberately vulnerable order-processing system, kept as a teaching example of
 * unsafe Java native deserialization.
 *
 * <p>SECURITY: do not copy this pattern into real services. The bytes handed to
 * {@link #receiveOrder(byte[])} are passed straight to
 * {@link ObjectInputStream#readObject()} with no filter and no type allow-list.
 * Native deserialization instantiates whichever classes the stream names and runs
 * their deserialization hooks while reading, so any check performed on the
 * returned object happens too late.
 *
 * <p>Mitigations a production receiver would apply: install an allow-list
 * {@code java.io.ObjectInputFilter} on the stream (JDK 9+,
 * {@code ObjectInputStream.setObjectInputFilter}) that admits only the expected
 * order classes, or replace native serialization with a data-only format and
 * explicit schema validation.
 */
public class VictimCompany {
    /**
     * Accepts a serialized "order" and deserializes it without any inspection.
     *
     * <p>Progress and failures are reported on standard output only. Every exception,
     * including malformed-stream errors, is caught and reduced to its message.
     *
     * @param orderData serialized object bytes; treated as trusted although nothing
     *                  in this method establishes where they came from
     */
    public static void receiveOrder(byte[] orderData) {
        System.out.println("🏢 快递公司：收到新订单，开始处理...");

        try {
            // DANGER: the parcel is opened without any check. No ObjectInputFilter is
            // set, so every class named in the stream is eligible for instantiation.
            ObjectInputStream parcel = new ObjectInputStream(new ByteArrayInputStream(orderData));

            System.out.println("📦 正在打开包裹...");
            // Vulnerability trigger point: attacker-controlled bytes are deserialized here.
            // The result is discarded; the harm is in the act of reading, not in later use.
            parcel.readObject();

            System.out.println("✅ 订单处理完成");
        } catch (Exception failure) {
            // NOTE(review): only the message is printed, so the exception type and stack
            // trace are lost; a real receiver should log them, since they are what would
            // let a defender spot rejected or malformed payloads.
            System.out.println("❌ 处理订单时出错: " + failure.getMessage());
        }
    }
}